By properly setting the ProjectURL property, it is possible for an attacker to download an arbitrary dll file from a remote location and run the code in the dll in the context of the target process.
Use after free in Internet Explorer when handling a CDisplayPointer object via the use of a "onpropertychange" event handler. Successful control of the freed memory may leverage arbitrary code execution under the context of the user.
This module exploits a buffer overflow vulnerability in Adobe Flash Player in the flash.Display.Shader class when setting a Pixel Bender Filte as the Shader bytecode.
This vulnerability has been found exploited in-the-wild during April 2014.
WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.
This vulnerability has been found exploited in-the-wild during April 2014.
WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.
This module exploits a type confusion vulnerability in Adobe Flash Player.
This vulnerability has been found exploited in-the-wild during December 2013.
This update improves module documentation, exploit code and adds more vulnerable Adobe Flash Player versions.
This vulnerability has been found exploited in-the-wild during December 2013.
This update improves module documentation, exploit code and adds more vulnerable Adobe Flash Player versions.
This module exploits an integer underflow vulnerability in Adobe Flash Player. This vulnerability was exploited in 0day attacks in February 2014.
WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.
WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.
This module exploits a vulnerability in Linux kernel by sending a big number of Router Advertisement messages to the target.
This module exploits a remote code execution vulnerability in EMC Data Protection Advisor (DAP). Vulnerable installations of EMC DPA exposes the EJBInvokerServlet invoker servlet which does not require any type of authentication by default on certain profiles and allow remote attackers to invoke MBean methods and execute arbitrary code.
This module exploits a type confusion vulnerability in Adobe Flash Player.
This vulnerability has been found exploited in-the-wild during December 2013.
WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.
This vulnerability has been found exploited in-the-wild during December 2013.
WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.
The OpenType Font driver in Microsoft Windows doesn't sufficiently validate user supplied input, leading to a denial of service vulnerability .
The AgentServlet class in the Web interface of HP ProCurve Agent is prone to an authentication bypass vulnerability when handling HEAD requests. This vulnerability can be abused by remote unauthenticated attackers to modify the configuration of the HP ProCurve Agent, which can ultimately be leveraged to access the Tornado service component and finally execute arbitrary code with SYSTEM privileges on the target machine.